Skype Fixes Random-IM Security Flaw

Update stops instant messages being sent to the wrong person

Skype is rolling out a hotfix for a number of Skype clients that have been affected by a security flaw which sent instant messages (IMs) intended for one contact to another random person on a user’s contact list.

The fix is being rolled out over the next couple of days and Microsoft-owned Skype is recommending that users download them as soon as they become available.

The affected clients are Skype 5.10 for Windows, 5.8 for Mac, 4.0 for Linux and 1.2 for Windows Phone.

Skype Security Flaw

The updates claim to address an issue where if a user’s Skype client crashes during an IM session, the last IM entered or sent could be delivered to a different IM contact after the Skype client is rebooted or if a new user logs in. They also fix a bug on the desktop versions of Skype where it was not possible to save files for users who have a hard disk in FAT32 Format.

“We cannot determine precisely how many users may have been affected by this error, we believe the number is small given the very specific circumstances under which the error occurs,” said Skype. “During further investigation, we confirmed that not all Skype products were affected by this error as originally reported. We can assure that users of Skype 5.9 for Windows, Skype 2.8 for Android and Skype 4.0 for IOS have not been affected.”

Skype had previously been viewed as a safe method of communication as data is stored on the client, rather than any of its servers, as it uses a peer-to-peer system. Researchers last year uncovered a vulnerability that could disclose the location, identity and content of downloads, while Microsoft’s plans to introduce adverts has also raised privacy concerns.

What do you know about Skype? Find out with our quiz!